On regulating encryption

I wrote a few quick thoughts about the latest aimless flailing around of the politicians of Australia and the United Kingdom as they desperately attempt to appear like they’re doing something about national security by talking about what a scary place the Internet has become.

I make no claim about being a crypto expert but I don’t believe it’s possible to accomplish what they want without either massively compromising the security of everyone by forcing companies to comply and use weaker encryption or fundamentally altering the nature of the Internet and personal computing (perhaps as described in Vernor Vinge’s Huge award-winning science fiction novel, Rainbow’s End).

Anyway, here is a short list of actions required to regulate encryption. Good luck.

Listening to the 2016 Hottest 100 without Flash

Unfortunately a combination of travel and time difference meant that for Australia Day this year I missed out on one of favourite yearly events – listening to Triple J’s Hottest 100.

Fortunately, they know that there are many Australians around the world that can’t listen to it real time, and make a full replay of the whole thing available for streaming on their [massive spoiler warning!] Hottest 100 sitelet.

Unfortunately, it seems to have a hard dependency on Flash, something which I gave up on about a year ago and don’t want to try.

Fortunately, the streams are listed fairly obviously in the HTML of the page, and they are perfectly compatible with VLC. If you have VLC (and why wouldn’t you), you can use the following stream URLs and simply paste them into the box that appears when you go to Media->Open Network Stream:

PART 1 (#100 – #76)
PART 2 (#75 – #51)
PART 3 (#50 – #24)
PART 4 (#23 – #1)

The Startup Adventure of the Ghostbusters

A while back, while rewatching Ghostbusters for the millionth time, I was struck by several interesting startup parallels. I wrote down a few notes with the intention of preparing a presentation about it and then promptly forgot about it until recently.

Of course I made the classic startup mistake of not performing a cursory web search to see if people had already noticed this – which of course they had. So much has been written by others on this topic already, and it has probably gone through a lot more interesting analysis.

In any case, I still found it hilariously entertaining to continue to expanded on some of my notes, adding some screengrabs and clips; the result has been thrown up on Medium in an article titled Finding Product/Market Fit with the Ghostbuters: A Startup Success Story.

wpgpg – WordPress Encryption using GPG

I’ve been looking for an excuse to tinker with KeyBase.io’s kbpgp, a JavaScript implementation of PGP. As a fun experiment in masochism I thought it would be an interesting learning exercise to build GPG encryption of page output into WordPress and then decrypt it using kbpgp.

I have a working proof-of-concept now done; it is a little fiddly to get going and most definitely does not adhere to best practices regarding storage and use of private keys and passphrases. But it works! WordPress output is encrypted with a simple plugin that calls GPG, and can then be decrypted with a simple Chrome plugin.

It is currently dubbed wpgpg. Here is a super boring video of what it looks like in action.

The UK Settlement Visa Application Process

I have relocated to the UK under a “family of a settled person” visa (my partner is a British Citizen). The process was… interesting. There are many forum and blog posts about it but ultimately I’d say that (outside of the UK government’s excellent website) there’s a dearth of high quality information, so I thought I’d try to summarise the process from my side.

What follows is as terse a summary of events as I could make of a process that took a significant amount of time and effort, spread out over several months. Hopefully it makes sense!

Continue reading “The UK Settlement Visa Application Process”

My Firefox Tweaks

Despite everything I’m still a Firefox user and can’t see myself changing any time soon.

I have been making more and more changes to my standard Firefox configuration (outside of extensions) and keep forgetting to document them, so here they are (at least, a few of the ones I can remember – I assume I’ll find/remember for).

dom.event.clipboardevents.enabled = false

Overrides the ability of sites to handle clipboard events. This stops bad websites from preventing you from being able to paste your secure passwords into their password fields. (Docs)

network.http.speculative-parallel-limit = 0

Disable the completely rude speculative pre-connections feature which will open connections to sites based on several hints without you actually clicking on them. (Docs)

browser.pocket.enabled = false

Gets rid of that Pocket stuff which was stupidly added by Mozilla in v38.0.5. (Docs)

browser.urlbar.unifiedcomplete = false

Disables the annoying “visit” thing that pops up in the address bar as of v43:

visit-firefox

(Docs)

app.update.auto = false

Disables auto download and install of updates. (Docs)

browser.newtabpage.enhanced = false

Disable the ad tiles that turned up in v34.

browser.altClickSave = true

ALT-clicking a link to save it to disk worked happily until Firefox v13, when it was disabled by default.

browser.urlbar.trimURLs = false

Stops removing the ‘http’ part of URLs in the address bar. (Docs)

browser.display.background_color = #CCCCCC

I likes me a grey background.

privacy.trackingprotection.enabled = true

Enables Firefox’s tracking protection, blocking several trackers which allegedly enhances privacy. I typically have this set to false, because it can break a few things (some video players seem to rely on these trackers), but it’s good to know about. (Docs)

Google Ending Deceptive Download Buttons in Ads

Google announced yesterday that they’re ending the practice of allowing advertisers to use deceptive “download” or “play” styled advertisements in AdSense ads, dubbing it a form of “social engineering”.

If you’re an Internet user that has ever tried to download or watch anything on an ad-supported site, you will have seen these stupid annoying ads. On some sites they’re styled carefully to match the look and feel of the rest of the site, so they can look like actual native content – but they’re not, of course.

They’d look something like this:

download-play-ad

(Even worse, often they seem to link to third party versions of popular free/open source files – Adobe Acrobat Reader was always a popular one. I can only assume these third party versions are wrapped with adware or malware to justify the adverts.)

Here’s an example I just pulled off AusGamers right now:

ag-download-ad

If you’re a user, these make browsing the web irritating at best, but really they’re outright deceptive and can even be dangerous.

It’s obvious why these ads exist – there are enough users out there clicking on them to make them profitable. The cost of running the ad is less than whatever profit the advertisers are making from selling whatever the hell it is that they do.

As a result, it’s obvious why they end up on sites like AusGamers. AdSense rewards site operators on a per-click basis. Ads that perform well reward them more. On sites that offer a lot of downloads where the user’s brain is already in “GIVE ME THE DOWNLOAD BUTTON” mode, it is pretty easy to see how they work.

I have always hated these buttons for this reason. I was massively embarrassed when I started seeing these on AusGamers – putting AdSense on our download pages was something we did only relatively recently. So I decided to try to turn them off.

After figuring out the AdSense control panel I discovered that you could in fact block certain types of ads. However, each ad needs to be blocked individually in the Ad Review Center. This is what it looks like right now:

ad-review-centre

If you click through you’ll see there are 12 ads there – several of which are stupid download ones – but that this is only page 1 – 12 of about 106,961! Now, Google anticipated that you might not want to click through hundreds of thousands of pages of ads, so you can actually block entire ad accounts.

I went through several times when we first had these ads turn up and started blocking ads and accounts. Here’s a screen capture from a couple years ago:

blocked-ads

This is just one page of many (… many) which contains all the ads I’d blocked. Further, I’d blocked all the accounts I could find responsible for these kind of ads. But it made basically no difference to the number of these ads that showed up on the site.

It was an unstoppable tide of bullshit ads that – despite spending many hours manually blocking ads and blocking accounts – I could do nothing about. It made me sad.

I’m relieved to see Google taking action on this. It will make the web better. It will make users safer. And it will make site operators that run AdSense feel less like jerks for having these deceptive ads on their sites.

Reflections of an Australian Startup in the Midwest

In November 2013 I moved to the US – so as I write this, it’s been just over two years since I became a non-resident alien in the great state of Ohio.

The entire time I was here I envisioned writing a bunch to explain what it was like moving over here and trying to expand our tech company – a virtual server hosting service called Binary Lane – into the US market. But, reasons, and I never did, and I’ve felt guilty about it. Now 2016 has arrived I thought I’d try to put some words down.

The first thing I wanted to scribble were some notes about why an Australian tech company might want to consider destinations that are alternatives to Silicon Valley.

I have finally done this and posted my rather long and windy series of thoughts up on Medium. I hope it’s useful to someone and plan to write some more on the topic.

Moving on from the USA

It’d been just over two years since I moved to the USA, and my time here is now almost at an end. Sadly I’m not going back home to Australia just yet – in January 2016 I’m moving to London.

There are few cities that can genuinely be considered capitals of the world – and London is at the top of the list. A nexus of culture, finance, technology, and history, it has everything I could possibly want in a place to live. (Except, perhaps, too many English people that remember the result of the last Ashes series.)

With the exception of Brisbane – which for me will always be home – there is nowhere else I’d rather be going.

I’m excited about a new adventure in a new land; from a personal point of view I’m looking forward to being able to explore the United Kingdom in more detail, and being at the doorstep to the rest of Europe. From a professional perspective, I can’t wait to check out their entrepreneurial and startup ecosystem to develop new insights that I hope to bring back to Australia.

When I first moved here, I’d planned a whole series of posts that I fully intended to write about the journey, mostly targeted to Australian startups that were looking to expand to the US – how the visa process works, what you need to do when you arrive, what it’s like living in the US, how the midwest compares to the more common destinations… As I look back, I realise I did precisely no writing on this topic.

I hope to rectify this in the coming weeks by providing some reflections of my time in the US.